Forum Discussion
bosd_11235
Nimbostratus
Nimbostratuspersistance cookie and SSL Certificate
Hi,
we would like to change the rule that have been implemented in the F5 to improve the load balancing of our servers.
Our architecture is:
We have 2 apache servers which are load-balacing 2 weblogic servers.
On each apache servers we installed a cleartrust plug-in to be able to be authentified again Cleartrust.
When you are successfully authentified by Cleartrust, Cleartrust set a cookie into the session.
Currently our problem is all requests are coming from the same machine during 1 hour, they will always go to the same weblogic server.
Or we would like to have a real round robin.
I mean if there is 2 requests initiated by the same user on one machine, we would like that the request A goes to Weblogic Server A and the request B on the weblogic Server B.
In addition the SSL is implemented at the load balancer level.
So, can we use the cookie as a way to do this kind of round robin?
Or/and do we have to use the SSL?
Thanks in advance
Best Regards
Didier
5 Replies
hoolioCirrostratus
Hi Didier,
What iRule are you using now? Is the traffic through the virtual server decrypted on LTM? Can you provide a simple diagram of the traffic flow including the client, apache servers, cleartrust servers app servers and LTM? It's not clear to me which connections or requests you're trying to get better distribution for.
Thanks,
Aaron
naladar_65658Altostratus
To clarify a little... are you load balancing to two different apache web servers and then having each of those web servers pass traffic off to separate application servers?
bosd_11235Hi,
the rule that has been implemented is a persistance round robin with a time out of 1 hour. The round robin is dependant of the source ip. It means that if a user launch 1000 connections in less than 1 hour form the same machine, those sessions will reach the same weblogic server. Or i would like that the sessions would be dispatched between the 2 weblogic servers.
To better understand the problematic, i join an architecture diagram.
Thanks for your help
Best Regards
Didier- So you're running into an issue due to the persistence you're using. It sounds like you don't actually want persistence at all. You really want true round robin load balancing even when receiving repeat requests from the same client.
If that's the case, why not just remove the persistence record?
Or am I over simplifying?
Colin - bosd_11235Hi,
no we need to keep the persistance because if during a connection, the session goes from a weblogic server to an other, the user will be prompted by a login page.
So during 45 minutes(which is the time out of the web application), the users requests have to reach always the same weblogic server.
The cookie which is generated by cleartrust and put into the header of the web application is also valid during 45 minutes.
The value of this cookie is different even if a user open multiple connections from the same machine.
Best Regards
Didier
